Our advisory contained one serious piece of mis-information. The latest
version of ld.so that we tested (1.9.2) still appeared to be
vulnerable to this overflow.
We strongly recommend that anyone running linux install the patch
distributed with the advisory, or wait for your vendor to release
an updated ld.so package and install that as soon as possible.
The patch is available from our web site (http://www.dec.net/ksrt).
We apologize for any confusion this might have caused.
KSR[T] Team
-----
KSR[T] Website : http://www.dec.net/ksrt
E-mail: ksrt@dec.net